Re: Something like SSL_CTX_set_alpn_select_cb for ciphers and ssl/tls protocol version

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 18/06/2019 10:13, Alexander Gryanko wrote:
> Hello, 
> 
> I'm looking for the way to do something like SSL_CTX_set_alpn_select_cb but for
> ciphers and ssl/tls protocol version. As I see ssl_choose_server_version and
> ssl3_choose_cipher has no any callbacks in tls_early_post_process_client_hello.
> Is there any way to disable protocols for some cases? Something like A/B testing
> with 50% of traffic with enabled Chacha20 and 50% of traffic with disabled.

If you are using OpenSSL 1.1.1 then probably you could do something with the
client hello callback:

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

Matt




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux